Hole Found; Patch Not Used; Worm Exploits

Thursday, October 27, 2011 @ 05:10 PM gHale

A new worm is turning servers running older versions of the JBoss Application Server into botnet drones.

The malware behind the attack is significant because it targets servers rather than PCs and it relies on exploiting a vulnerability that is over a year old: A flaw in JBoss Application Server patched by Red Hat in April 2010. The worm’s payload includes a variety of Perl scripts, one of which builds a backdoor on compromised machines.

Looking for Duqu’s Real Target
ICS Threat Brewing; Target Unclear
Old Becomes New: DLL Loading is Back
Weak Sites Victimize Visitors

Marcus Carey, security researcher and community manager at Rapid7, said outsourcing practices had exacerbated the patching deficiencies the worm exploited.

“Many businesses outsource web application development and once the application is deployed, service contracts may lapse or IT staff may not be paying much attention to them,” Carey said.

“The use of this new malware associated with JBoss is something we have not seen before. However, the actual vulnerability it is exploiting should have been snuffed out years ago. This is far more a business failure than a software security failure at this point,” he added.

The last edition of Microsoft’s Security Intelligence Report found exploits with a patch available for over a year accounted for 3.2 per cent of compromises. By comparison zero-day attacks were responsible for 0.12 per cent of malicious activity.

Leave a Reply

You must be logged in to post a comment.